hermes-agent/tools
Teknium 3e203de125
fix(skills): block category path traversal in skill manager (#3844)

Validate category names in _create_skill() before using them as
filesystem path segments. Previously, categories like '../escape' or
'/tmp/pwned' could write skill files outside ~/.hermes/skills/.

Adds _validate_category() that rejects slashes, backslashes, absolute
paths, and non-alphanumeric characters (reuses existing VALID_NAME_RE).

Tests: 5 new tests for traversal, absolute paths, and valid categories.

Salvaged from PR #1939 by Gutslabs.
2026-03-29 20:08:22 -07:00
browser_providers feat(browser): multi-provider cloud browser support + Browser Use integration 2026-03-17 00:16:34 -07:00
environments feat: mount skill credential files + fix env passthrough for remote backends (#3671) 2026-03-28 23:53:40 -07:00
neutts_samples refactor(tts): replace NeuTTS optional skill with built-in provider + setup flow 2026-03-17 02:33:12 -07:00
__init__.py chore: remove all remaining mini-swe-agent references 2026-03-24 08:19:23 -07:00
ansi_strip.py fix: strip ANSI at the source — clean terminal output before it reaches the model 2026-03-23 07:43:12 -07:00
approval.py fix: add self-termination guard for pkill/killall targeting hermes/gateway (#3593) 2026-03-28 14:33:48 -07:00
browser_tool.py fix(browser): guard LLM response content against None in snapshot and vision (#3642) 2026-03-28 17:25:04 -07:00
checkpoint_manager.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
clarify_tool.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
code_execution_tool.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
credential_files.py feat: mount skill credential files + fix env passthrough for remote backends (#3671) 2026-03-28 23:53:40 -07:00
cronjob_tools.py feat(gateway): add Feishu/Lark platform support (#3817) 2026-03-29 18:17:42 -07:00
debug_helpers.py refactor: consolidate debug logging across tools with shared DebugSession class 2026-02-21 03:53:24 -08:00
delegate_tool.py fix: report subagent status as completed when summary exists (#3829) 2026-03-29 18:21:36 -07:00
env_passthrough.py feat: env var passthrough for skills and user config (#2807) 2026-03-24 08:19:34 -07:00
file_operations.py fix(paths): respect HERMES_HOME for protected .env write-deny path (#3840) 2026-03-29 18:02:11 -07:00
file_tools.py fix: replace hardcoded ~/.hermes paths with get_hermes_home() for profile support 2026-03-28 13:51:08 -07:00
fuzzy_match.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
homeassistant_tool.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
honcho_tools.py fix(banner): show honcho tools as available when configured (#3810) 2026-03-29 15:55:05 -07:00
image_generation_tool.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
interrupt.py feat: enhance interrupt handling and container resource configuration 2026-02-23 02:11:33 -08:00
mcp_oauth.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
mcp_tool.py feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812) 2026-03-29 15:52:54 -07:00
memory_tool.py fix: cap percentage displays at 100% in stats, gateway, and memory tool (#3599) 2026-03-28 14:55:18 -07:00
mixture_of_agents_tool.py fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449) 2026-03-27 15:28:19 -07:00
neutts_synth.py fix(tts): document NeuTTS provider and align install guidance (#1903) 2026-03-18 02:55:30 -07:00
openrouter_client.py refactor: route ad-hoc LLM consumers through centralized provider router 2026-03-11 20:02:36 -07:00
patch_parser.py fix: handle addition-only hunks in V4A patch parser (#3325) 2026-03-26 19:38:04 -07:00
process_registry.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
registry.py feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812) 2026-03-29 15:52:54 -07:00
rl_training_tool.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
send_message_tool.py feat(gateway): add Feishu/Lark platform support (#3817) 2026-03-29 18:17:42 -07:00
session_search_tool.py fix: session_search fallback preview on summarization failure (salvage #3413) (#3478) 2026-03-27 21:27:51 -07:00
skill_manager_tool.py fix(skills): block category path traversal in skill manager (#3844) 2026-03-29 20:08:22 -07:00
skills_guard.py fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449) 2026-03-27 15:28:19 -07:00
skills_hub.py feat(skills): add garrytan/gstack as default Skills Hub tap (#3605) 2026-03-28 14:55:49 -07:00
skills_sync.py refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062) 2026-03-25 15:54:28 -07:00
skills_tool.py feat(skills): support external skill directories via config (#3678) 2026-03-29 00:33:30 -07:00
terminal_tool.py fix: make display_hermes_home imports lazy to prevent ImportError during hermes update (#3776) 2026-03-29 15:15:17 -07:00
tirith_security.py chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119) 2026-03-25 19:47:58 -07:00
todo_tool.py feat(tools): centralize tool emoji metadata in registry + skin integration 2026-03-15 20:21:21 -07:00
transcription_tools.py refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062) 2026-03-25 15:54:28 -07:00
tts_tool.py fix: make display_hermes_home imports lazy to prevent ImportError during hermes update (#3776) 2026-03-29 15:15:17 -07:00
url_safety.py fix(security): add SSRF protection to vision_tools and web_tools (hardened) 2026-03-23 15:40:42 -07:00
vision_tools.py fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449) 2026-03-27 15:28:19 -07:00
voice_mode.py chore: remove ~100 unused imports across 55 files (#3016) 2026-03-25 15:02:03 -07:00
web_tools.py feat(web): add Exa as a web search and extract backend (#3648) 2026-03-28 17:35:53 -07:00
website_policy.py refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062) 2026-03-25 15:54:28 -07:00